Field of the Invention
The present invention relates to a monitoring technique for a security policy included in setting information for a network device connected to a network.
Description of the Related Art
Systems have been proposed in which network devices are connected to a network inside an office. A network device is, for example, a PC (Personal Computer), a server apparatus, an image forming apparatus, or the like.
Recently, some network devices have the same functions as other server apparatuses existing on the network; such a device not only prints or transmits an image, but also stores image data and provides a file service function.
In light of this background, network devices have been developed in which information regarding security (hereinafter called “security information”) can be set, such as a setting that makes user authentication mandatory or a setting for encryption of a communication pathway.
In addition, network devices have been developed that have a function for following a security policy (hereinafter called “policy setting function”), similar to that of a PC or a server apparatus. The security policy of the network device is a basic policy related to information security for the network device, and is defined, for example, to prevent use of information by an unauthorized user or an information leak.
Also, the policy setting function of the network device means a function that integrally manages a plurality of settings included in the security policy. The settings included in the security policy include, for example, a user authentication/password setting, a setting related to encryption of a communication pathway, a setting related to job execution, a setting related to a security log, and the like.
By importing a pre-generated definition file for the security policy into a network device having the policy setting function, the security policy can be changed from outside the device. Also, by exporting the definition file from the network device, the security information of the device itself can be output.
Managing the security policy requires that its settings be maintained in an appropriate state. For this purpose, a system has been proposed in which a server manages the settings included in the security policy of the network device. Japanese Patent Laid-Open No. 2002-247033 discloses a security management system that periodically monitors the security policies of a variety of apparatuses, and corrects the settings of a security policy if settings that conflict with the security policy of the organization are detected.
In the network device having the policy setting function, the settings included in the security policy can be changed by a specific authentication account of a policy manager, but cannot be changed by a user account of a general user. Thus, a server can integrally manage such settings included in the security policy with respect to the network device having the policy setting function in accordance with the intentions of the policy manager.
On the other hand, in a network device not having the policy setting function, the setting related to user authentication or the setting related to encryption of the communication pathway can be enabled by using the user account of a general user. Hence, it must be assumed that a setting change that the policy manager does not intend may be made to a network device not having the policy setting function. As a result, the server cannot effectively manage the security policy of the network devices in an environment where network devices having the policy setting function and network devices not having the policy setting function are mixed.